Rejected queries for mx???.emailfiltering.com
cmadams at hiwaay.net
Wed Jan 19 20:28:41 UTC 2011
Once upon a time, Phil Mayers <p.mayers at imperial.ac.uk> said:
>On the subject of rejected queries - although this isn't a bind question
>per-se, I'm curious if anyone else here sees a lot of these:
>client 184.108.40.206#23861: view main: query (cache)
>We get *loads* of them to our authoritative resolvers. I am assuming
>they are attempts at cache poisoning given the (ahem) dubious
>geographical origin of the queries (no offense intended to anyone living
>in those parts of the world) but I can't see any corresponding inbound
>forged DNS packets in our netflow.
Do you have domains listing mx242.emailfiltering.com as an MX? I have
seen some broken resolvers that will do an MX lookup and then turn
around and do A lookups for the MX hosts at the same DNS server.
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the bind-users